@kernlang/review 2.0.0 → 3.1.0

package/dist/rules/security-v3.js

@@ -0,0 +1,397 @@
+/**
+ * Security v3 rules — OWASP gap closure.
+ *
+ * Covers: Regex DoS, missing input validation, prototype pollution,
+ * information exposure (stack traces in responses).
+ *
+ * All AST-based. Always active regardless of target.
+ */
+import { SyntaxKind } from 'ts-morph';
+import { createFingerprint } from '../types.js';
+function span(file, line, col = 1) {
+    return { file, startLine: line, startCol: col, endLine: line, endCol: col };
+}
+function finding(ruleId, severity, category, message, file, line, extra) {
+    return {
+        source: 'kern',
+        ruleId,
+        severity,
+        category,
+        message,
+        primarySpan: span(file, line),
+        fingerprint: createFingerprint(ruleId, line, 1),
+        ...extra,
+    };
+}
+// ── Rule S9: regex-dos ────────────────────────────────────────────────
+// Regex literals with nested quantifiers or unbounded repetition that
+// can cause catastrophic backtracking (ReDoS).
+//
+// Detects: (a+)+, (a|a)+, (.*a){n}, nested quantifiers in groups
+// CWE-1333
+/**
+ * Check if a regex pattern contains ReDoS-vulnerable constructs.
+ * Looks for: nested quantifiers, overlapping alternation with quantifiers,
+ * and ambiguous repetition patterns.
+ */
+function isReDoSVulnerable(pattern) {
+    // Nested quantifiers: (x+)+ , (x*)* , (x+)* , (x*)+, (x{n,})+ etc.
+    // These cause exponential backtracking
+    if (/\([^)]*[+*]\)[+*{]/.test(pattern)) {
+        return 'nested quantifier — causes exponential backtracking';
+    }
+    // Quantified group containing alternation with overlap: (a|a)+, (a|ab)+
+    // Simplified: group with | and outer quantifier
+    if (/\([^)]*\|[^)]*\)[+*]{1,2}/.test(pattern)) {
+        // Check for character overlap in alternation branches
+        const groupMatch = pattern.match(/\(([^)]*\|[^)]*)\)[+*]/);
+        if (groupMatch) {
+            const branches = groupMatch[1].split('|');
+            if (branches.length >= 2) {
+                const first = branches[0].replace(/[+*?{}\\[\]()]/g, '');
+                const second = branches[1].replace(/[+*?{}\\[\]()]/g, '');
+                // If branches share starting characters, it's ambiguous
+                if (first.length > 0 && second.length > 0 && first[0] === second[0]) {
+                    return 'overlapping alternation with quantifier — ambiguous matching causes backtracking';
+                }
+            }
+        }
+    }
+    // Quantified group with .* or .+ inside: (.*something)+ or (.+x){2,}
+    if (/\([^)]*\.\*[^)]*\)[+*{]/.test(pattern) || /\([^)]*\.\+[^)]*\)[+*{]/.test(pattern)) {
+        return '.* or .+ inside quantified group — unbounded matching causes backtracking';
+    }
+    // Adjacent overlapping quantifiers without separator: \s*\s*, \d+\d+
+    if (/\\[dswDSW][+*]\\[dswDSW][+*]/.test(pattern)) {
+        return 'adjacent overlapping quantifiers — ambiguous boundary causes backtracking';
+    }
+    return null;
+}
+function regexDos(ctx) {
+    const findings = [];
+    // Check regex literals: /pattern/flags
+    for (const node of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.RegularExpressionLiteral)) {
+        const text = node.getText();
+        // Extract pattern (between first / and last /)
+        const lastSlash = text.lastIndexOf('/');
+        if (lastSlash <= 0)
+            continue;
+        const pattern = text.slice(1, lastSlash);
+        const vulnerability = isReDoSVulnerable(pattern);
+        if (vulnerability) {
+            findings.push(finding('regex-dos', 'warning', 'bug', `Regex vulnerable to ReDoS: ${vulnerability}`, ctx.filePath, node.getStartLineNumber(), { suggestion: 'Rewrite regex to avoid nested quantifiers, or use a linear-time regex engine (RE2)' }));
+        }
+    }
+    // Check new RegExp('pattern') constructors
+    for (const newExpr of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.NewExpression)) {
+        if (newExpr.getExpression().getText() !== 'RegExp')
+            continue;
+        const args = newExpr.getArguments();
+        if (args.length === 0)
+            continue;
+        const firstArg = args[0];
+        if (firstArg.getKind() !== SyntaxKind.StringLiteral)
+            continue;
+        const pattern = firstArg.getLiteralValue();
+        const vulnerability = isReDoSVulnerable(pattern);
+        if (vulnerability) {
+            findings.push(finding('regex-dos', 'warning', 'bug', `RegExp constructor vulnerable to ReDoS: ${vulnerability}`, ctx.filePath, newExpr.getStartLineNumber(), { suggestion: 'Rewrite regex to avoid nested quantifiers, or use a linear-time regex engine (RE2)' }));
+        }
+    }
+    return findings;
+}
+// ── Rule S10: missing-input-validation ────────────────────────────────
+// HTTP handler params (req.body, req.query, req.params) used directly
+// in logic without validation (no schema.parse, no if-check, no
+// parseInt/Number, no sanitize call).
+// CWE-20
+const USER_INPUT_PATTERNS = /req\.(body|query|params|headers)\b/;
+const VALIDATION_PATTERNS = /\.parse\(|\.validate\(|\.safeParse\(|parseInt\(|Number\(|Boolean\(|sanitize|validator\.|zod\.|yup\.|joi\.|ajv\.|superstruct|valibot/;
+function missingInputValidation(ctx) {
+    const findings = [];
+    // Find Express-style route handlers: (req, res) => { ... } or function(req, res) { ... }
+    for (const fn of [
+        ...ctx.sourceFile.getDescendantsOfKind(SyntaxKind.ArrowFunction),
+        ...ctx.sourceFile.getDescendantsOfKind(SyntaxKind.FunctionExpression),
+    ]) {
+        const params = fn.getParameters();
+        if (params.length < 2)
+            continue;
+        // Heuristic: first param named req/request, second named res/response
+        const firstName = params[0].getName();
+        const secondName = params[1].getName();
+        if (!/^req(uest)?$/.test(firstName) || !/^res(ponse)?$/.test(secondName))
+            continue;
+        const body = fn.getBody();
+        if (!body)
+            continue;
+        const bodyText = body.getText();
+        // Check if handler uses user input
+        if (!USER_INPUT_PATTERNS.test(bodyText))
+            continue;
+        // Check if any validation is present in the handler
+        if (VALIDATION_PATTERNS.test(bodyText))
+            continue;
+        // Extract which input sources are used
+        const sources = [];
+        const bodyMatch = bodyText.match(/req\.body/);
+        const queryMatch = bodyText.match(/req\.query/);
+        const paramsMatch = bodyText.match(/req\.params/);
+        if (bodyMatch)
+            sources.push('req.body');
+        if (queryMatch)
+            sources.push('req.query');
+        if (paramsMatch)
+            sources.push('req.params');
+        findings.push(finding('missing-input-validation', 'warning', 'bug', `HTTP handler uses ${sources.join(', ')} without input validation`, ctx.filePath, fn.getStartLineNumber(), { suggestion: 'Validate input with zod, joi, or manual checks before using in business logic' }));
+    }
+    return findings;
+}
+// ── Rule S11: prototype-pollution ─────────────────────────────────────
+// Object.assign() or spread from unvalidated external input.
+// Detects: Object.assign(target, req.body), { ...req.body }, merge(target, userInput)
+// CWE-1321
+const MERGE_FUNCTIONS = new Set(['merge', 'defaults', 'defaultsDeep', 'extend', 'assign']);
+function prototypePollution(ctx) {
+    const findings = [];
+    // Object.assign(target, untrustedSource)
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression();
+        // Object.assign(...)
+        if (callee.getKind() === SyntaxKind.PropertyAccessExpression) {
+            const pa = callee;
+            if (pa.getExpression().getText() === 'Object' && pa.getName() === 'assign') {
+                const args = call.getArguments();
+                // Check if any argument after the first is user input
+                for (let i = 1; i < args.length; i++) {
+                    const text = args[i].getText();
+                    if (USER_INPUT_PATTERNS.test(text) || /\bJSON\.parse\b/.test(text)) {
+                        findings.push(finding('prototype-pollution', 'error', 'bug', `Object.assign() with user input (${text.substring(0, 40)}) — prototype pollution risk`, ctx.filePath, call.getStartLineNumber(), { suggestion: 'Use a safe merge utility, or validate/strip __proto__ and constructor keys first' }));
+                        break;
+                    }
+                }
+            }
+        }
+        // Deep merge utilities: merge(target, userInput), _.defaults(target, userInput)
+        if (callee.getKind() === SyntaxKind.Identifier) {
+            const funcName = callee.getText();
+            if (MERGE_FUNCTIONS.has(funcName)) {
+                const args = call.getArguments();
+                for (const arg of args) {
+                    const text = arg.getText();
+                    if (USER_INPUT_PATTERNS.test(text) || /\bJSON\.parse\b/.test(text)) {
+                        findings.push(finding('prototype-pollution', 'warning', 'bug', `${funcName}() with user input — potential prototype pollution`, ctx.filePath, call.getStartLineNumber(), { suggestion: 'Validate input keys or use Object.create(null) as target' }));
+                        break;
+                    }
+                }
+            }
+        }
+        // lodash-style: _.merge, _.defaults, _.defaultsDeep, _.extend
+        if (callee.getKind() === SyntaxKind.PropertyAccessExpression) {
+            const pa = callee;
+            const objText = pa.getExpression().getText();
+            if ((objText === '_' || objText === 'lodash') && MERGE_FUNCTIONS.has(pa.getName())) {
+                const args = call.getArguments();
+                for (const arg of args) {
+                    const text = arg.getText();
+                    if (USER_INPUT_PATTERNS.test(text) || /\bJSON\.parse\b/.test(text)) {
+                        findings.push(finding('prototype-pollution', 'warning', 'bug', `${objText}.${pa.getName()}() with user input — potential prototype pollution`, ctx.filePath, call.getStartLineNumber(), { suggestion: 'Use a prototype-safe merge, or strip __proto__/constructor from input' }));
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    // Spread from user input in object literal: { ...req.body }
+    for (const spread of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.SpreadAssignment)) {
+        const expr = spread.getExpression();
+        const text = expr.getText();
+        if (USER_INPUT_PATTERNS.test(text) || /\bJSON\.parse\b/.test(text)) {
+            findings.push(finding('prototype-pollution', 'warning', 'bug', `Spread from user input (${text.substring(0, 40)}) — prototype pollution risk if input contains __proto__`, ctx.filePath, spread.getStartLineNumber(), { suggestion: 'Destructure only known fields, or strip __proto__ and constructor keys' }));
+        }
+    }
+    return findings;
+}
+// ── Rule S12: information-exposure ────────────────────────────────────
+// Error responses that include stack traces, internal paths, or
+// unfiltered error objects sent to clients.
+// CWE-209
+function informationExposure(ctx) {
+    const findings = [];
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression();
+        if (callee.getKind() !== SyntaxKind.PropertyAccessExpression)
+            continue;
+        const pa = callee;
+        const methodName = pa.getName();
+        // res.json(), res.send(), res.status().json()
+        const isResponseMethod = methodName === 'json' || methodName === 'send';
+        if (!isResponseMethod)
+            continue;
+        // Walk up to check if this is on a response object (res.json or res.status(N).json)
+        let objText = pa.getExpression().getText();
+        // Handle chained: res.status(500).json(...)
+        if (objText.includes('.status(')) {
+            objText = objText.split('.')[0];
+        }
+        if (!/^res(ponse)?$/.test(objText))
+            continue;
+        const args = call.getArguments();
+        if (args.length === 0)
+            continue;
+        const argText = args[0].getText();
+        // Pattern 1: Sending raw error object — res.json(err), res.json({ error: err })
+        // err.stack, err.message with stack included, error.stack
+        if (/\.stack\b/.test(argText)) {
+            findings.push(finding('information-exposure', 'error', 'bug', 'Stack trace sent in response — exposes internal paths and code structure', ctx.filePath, call.getStartLineNumber(), { suggestion: 'Send a generic error message to clients; log the stack server-side' }));
+            continue;
+        }
+        // Pattern 2: Sending raw error in catch block — res.json(err) or res.send(err)
+        // Check if we're inside a catch clause
+        let ancestor = call.getParent();
+        let inCatch = false;
+        let catchVarName = '';
+        while (ancestor) {
+            if (ancestor.getKind() === SyntaxKind.CatchClause) {
+                inCatch = true;
+                const clause = ancestor;
+                const varDecl = clause.getVariableDeclaration();
+                if (varDecl)
+                    catchVarName = varDecl.getName();
+                break;
+            }
+            ancestor = ancestor.getParent();
+        }
+        if (inCatch && catchVarName) {
+            // Sending the raw error variable: res.json(err), res.json({ error: err })
+            const errRef = new RegExp(`\\b${catchVarName}\\b`);
+            if (errRef.test(argText)) {
+                // Check it's not just err.message (which is often safe)
+                const onlyMessage = new RegExp(`^\\{?\\s*\\w+:\\s*${catchVarName}\\.message\\s*\\}?$`);
+                if (!onlyMessage.test(argText.trim())) {
+                    findings.push(finding('information-exposure', 'warning', 'bug', `Raw error object '${catchVarName}' sent in response — may expose stack traces and internal details`, ctx.filePath, call.getStartLineNumber(), { suggestion: `Send only ${catchVarName}.message or a generic error string` }));
+                }
+            }
+        }
+        // Pattern 3: process.env or __dirname in response
+        if (/process\.env\b/.test(argText) || /\b__dirname\b/.test(argText) || /\b__filename\b/.test(argText)) {
+            findings.push(finding('information-exposure', 'warning', 'bug', 'Internal path or environment variable sent in response', ctx.filePath, call.getStartLineNumber(), { suggestion: 'Never expose process.env, __dirname, or __filename to clients' }));
+        }
+    }
+    return findings;
+}
+// ── Rule S13: prompt-injection ─────────────────────────────────────────
+// User input embedded into LLM prompts without sanitization.
+// Detects: template literals or string concatenation that include user input
+// flowing to LLM API calls (generateContent, chat.completions, etc.)
+// CWE-77 (Injection), OWASP LLM01
+/** Known LLM API call patterns */
+const LLM_API_PATTERNS = /\bgenerateContent\b|\bchat\.completions\b|\bcreate\b.*\bmodel\b|\bgenerate\b|\bsendMessage\b|\bcomplete\b/;
+/** Common prompt builder function names */
+const PROMPT_BUILDER_PATTERNS = /\bbuildPrompt\b|\bgeneratePrompt\b|\bsystemPrompt\b|\buserPrompt\b|\bcreatePrompt\b/;
+/** Sanitization function patterns */
+const PROMPT_SANITIZER_PATTERNS = /\bsanitizeForPrompt\b|\bescapePrompt\b|\bcleanPrompt\b|\bsanitize\w*\(/;
+function promptInjection(ctx) {
+    const findings = [];
+    // Check template literals that embed user input and flow to LLM calls
+    for (const template of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.TemplateExpression)) {
+        const text = template.getText();
+        // Does this template contain user input references?
+        const hasUserInput = USER_INPUT_PATTERNS.test(text) ||
+            /\b(question|userInput|userMessage|message|input|query|prompt|instruction|caption)\b/.test(text);
+        if (!hasUserInput)
+            continue;
+        // Is there a sanitizer wrapping the user input in this template?
+        if (PROMPT_SANITIZER_PATTERNS.test(text))
+            continue;
+        // Check if this template is used in an LLM context
+        // 1. Inside a function whose name suggests prompt building
+        let parent = template.getParent();
+        let inPromptContext = false;
+        while (parent) {
+            if (parent.getKind() === SyntaxKind.FunctionDeclaration ||
+                parent.getKind() === SyntaxKind.ArrowFunction ||
+                parent.getKind() === SyntaxKind.MethodDeclaration) {
+                const parentText = parent.getText().substring(0, 200);
+                if (PROMPT_BUILDER_PATTERNS.test(parentText) || LLM_API_PATTERNS.test(parentText)) {
+                    inPromptContext = true;
+                }
+                // Check function name
+                if (parent.getKind() === SyntaxKind.FunctionDeclaration) {
+                    const fnName = parent.getName() || '';
+                    if (/prompt|build.*prompt|generate.*prompt|system.*prompt/i.test(fnName)) {
+                        inPromptContext = true;
+                    }
+                }
+                break;
+            }
+            parent = parent.getParent();
+        }
+        // 2. Variable assigned to a name like "systemPrompt", "userPrompt"
+        const assignParent = template.getParent();
+        if (assignParent?.getKind() === SyntaxKind.VariableDeclaration) {
+            const varName = assignParent.getName();
+            if (/prompt|system|instruction/i.test(varName)) {
+                inPromptContext = true;
+            }
+        }
+        // Also check if template is assigned via `const x = ...`
+        if (assignParent?.getKind() === SyntaxKind.BinaryExpression) {
+            const leftText = assignParent.getLeft().getText();
+            if (/prompt|system|instruction/i.test(leftText)) {
+                inPromptContext = true;
+            }
+        }
+        if (!inPromptContext)
+            continue;
+        // Find which user input variable is unsanitized
+        const spans = template.getTemplateSpans();
+        for (const span of spans) {
+            const exprText = span.getExpression().getText();
+            // Skip if this specific expression is wrapped in sanitize
+            if (PROMPT_SANITIZER_PATTERNS.test(exprText))
+                continue;
+            // Skip simple property access on known safe objects
+            if (/^(intent|mixContext|analysisResults)\b/.test(exprText))
+                continue;
+            // Check if this is a user-controlled value
+            const isUserControlled = USER_INPUT_PATTERNS.test(exprText) ||
+                /^(question|userInput|userMessage|message|input|caption|instruction)\b/.test(exprText);
+            if (isUserControlled) {
+                findings.push(finding('prompt-injection', 'warning', 'bug', `User input '${exprText.substring(0, 50)}' embedded in LLM prompt without sanitization — prompt injection risk`, ctx.filePath, template.getStartLineNumber(), { suggestion: 'Wrap user input with sanitizeForPrompt() or equivalent before embedding in prompts' }));
+                break; // One finding per template
+            }
+        }
+    }
+    // Check string concatenation in prompt context: "You are... " + userInput
+    for (const bin of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.BinaryExpression)) {
+        if (bin.getOperatorToken().getKind() !== SyntaxKind.PlusToken)
+            continue;
+        const rightText = bin.getRight().getText();
+        const leftText = bin.getLeft().getText();
+        const fullText = bin.getText();
+        // Is this string concat involving user input?
+        const hasUserInput = USER_INPUT_PATTERNS.test(rightText) ||
+            /^(question|userInput|message|input|caption|instruction)\b/.test(rightText);
+        if (!hasUserInput)
+            continue;
+        // Is the left side a prompt-like string?
+        const isPromptConcat = /prompt|instruction|system|you are|analyze|review/i.test(leftText);
+        if (!isPromptConcat)
+            continue;
+        // Is it sanitized?
+        if (PROMPT_SANITIZER_PATTERNS.test(fullText))
+            continue;
+        findings.push(finding('prompt-injection', 'warning', 'bug', `User input concatenated into LLM prompt without sanitization — prompt injection risk`, ctx.filePath, bin.getStartLineNumber(), { suggestion: 'Use sanitizeForPrompt() on user input before concatenating into prompts' }));
+    }
+    return findings;
+}
+// ── Exported Security v3 Rules ────────────────────────────────────────
+export const securityV3Rules = [
+    regexDos,
+    missingInputValidation,
+    prototypePollution,
+    informationExposure,
+    promptInjection,
+];
+//# sourceMappingURL=security-v3.js.map

package/dist/rules/security-v3.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-v3.js","sourceRoot":"","sources":["../../src/rules/security-v3.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,SAAS,IAAI,CAAC,IAAY,EAAE,IAAY,EAAE,GAAG,GAAG,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AAC9E,CAAC;AAED,SAAS,OAAO,CACd,MAAc,EACd,QAAsC,EACtC,QAAmC,EACnC,OAAe,EACf,IAAY,EACZ,IAAY,EACZ,KAA8B;IAE9B,OAAO;QACL,MAAM,EAAE,MAAM;QACd,MAAM;QACN,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;QAC7B,WAAW,EAAE,iBAAiB,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,GAAG,KAAK;KACT,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,sEAAsE;AACtE,+CAA+C;AAC/C,EAAE;AACF,iEAAiE;AACjE,WAAW;AAEX;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,mEAAmE;IACnE,uCAAuC;IACvC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO,qDAAqD,CAAC;IAC/D,CAAC;IAED,wEAAwE;IACxE,gDAAgD;IAChD,IAAI,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9C,sDAAsD;QACtD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC3D,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;gBACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;gBAC1D,wDAAwD;gBACxD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpE,OAAO,kFAAkF,CAAC;gBAC5F,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvF,OAAO,2EAA2E,CAAC;IACrF,CAAC;IAED,qEAAqE;IACrE,IAAI,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,OAAO,2EAA2E,CAAC;IACrF,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,GAAgB;IAChC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,uCAAuC;IACvC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC5F,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,+CAA+C;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,SAAS,IAAI,CAAC;YAAE,SAAS;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAEzC,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,KAAK,EACjD,8BAA8B,aAAa,EAAE,EAC7C,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,oFAAoF,EAAE,CAAC,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACpF,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,KAAK,QAAQ;YAAE,SAAS;QAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,aAAa;YAAE,SAAS;QAC9D,MAAM,OAAO,GAAI,QAA6C,CAAC,eAAe,EAAE,CAAC;QAEjF,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,KAAK,EACjD,2CAA2C,aAAa,EAAE,EAC1D,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAC1C,EAAE,UAAU,EAAE,oFAAoF,EAAE,CAAC,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yEAAyE;AACzE,sEAAsE;AACtE,gEAAgE;AAChE,sCAAsC;AACtC,SAAS;AAET,MAAM,mBAAmB,GAAG,oCAAoC,CAAC;AACjE,MAAM,mBAAmB,GAAG,qIAAqI,CAAC;AAElK,SAAS,sBAAsB,CAAC,GAAgB;IAC9C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,yFAAyF;IACzF,KAAK,MAAM,EAAE,IAAI;QACf,GAAG,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,aAAa,CAAC;QAChE,GAAG,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,kBAAkB,CAAC;KACtE,EAAE,CAAC;QACF,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAEhC,sEAAsE;QACtE,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACvC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAEnF,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAEhC,mCAAmC;QACnC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAS;QAElD,oDAAoD;QACpD,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,uCAAuC;QACvC,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,SAAS;YAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,UAAU;YAAE,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,WAAW;YAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE5C,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,0BAA0B,EAAE,SAAS,EAAE,KAAK,EAChE,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,EAClE,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,kBAAkB,EAAE,EACrC,EAAE,UAAU,EAAE,+EAA+E,EAAE,CAAC,CAAC,CAAC;IACtG,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yEAAyE;AACzE,6DAA6D;AAC7D,sFAAsF;AACtF,WAAW;AAEX,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE3F,SAAS,kBAAkB,CAAC,GAAgB;IAC1C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEpC,qBAAqB;QACrB,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,wBAAwB,EAAE,CAAC;YAC7D,MAAM,EAAE,GAAG,MAAqD,CAAC;YACjE,IAAI,EAAE,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3E,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;gBACjC,sDAAsD;gBACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACrC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;oBAC/B,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACnE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,EAAE,KAAK,EACzD,oCAAoC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,8BAA8B,EACvF,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,kFAAkF,EAAE,CAAC,CAAC,CAAC;wBACvG,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;gBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;oBAC3B,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACnE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,SAAS,EAAE,KAAK,EAC3D,GAAG,QAAQ,oDAAoD,EAC/D,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,0DAA0D,EAAE,CAAC,CAAC,CAAC;wBAC/E,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,wBAAwB,EAAE,CAAC;YAC7D,MAAM,EAAE,GAAG,MAAqD,CAAC;YACjE,MAAM,OAAO,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,QAAQ,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnF,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;gBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;oBAC3B,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACnE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,SAAS,EAAE,KAAK,EAC3D,GAAG,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,oDAAoD,EAC9E,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,uEAAuE,EAAE,CAAC,CAAC,CAAC;wBAC5F,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACtF,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,SAAS,EAAE,KAAK,EAC3D,2BAA2B,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,0DAA0D,EAC1G,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,kBAAkB,EAAE,EACzC,EAAE,UAAU,EAAE,wEAAwE,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yEAAyE;AACzE,gEAAgE;AAChE,4CAA4C;AAC5C,UAAU;AAEV,SAAS,mBAAmB,CAAC,GAAgB;IAC3C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACpC,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,wBAAwB;YAAE,SAAS;QACvE,MAAM,EAAE,GAAG,MAAqD,CAAC;QACjE,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAEhC,8CAA8C;QAC9C,MAAM,gBAAgB,GAAG,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,MAAM,CAAC;QACxE,IAAI,CAAC,gBAAgB;YAAE,SAAS;QAEhC,oFAAoF;QACpF,IAAI,OAAO,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,CAAC;QAC3C,4CAA4C;QAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QAE7C,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAElC,gFAAgF;QAChF,0DAA0D;QAC1D,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,OAAO,EAAE,KAAK,EAC1D,0EAA0E,EAC1E,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,oEAAoE,EAAE,CAAC,CAAC,CAAC;YACzF,SAAS;QACX,CAAC;QAED,+EAA+E;QAC/E,uCAAuC;QACvC,IAAI,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,OAAO,QAAQ,EAAE,CAAC;YAChB,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,WAAW,EAAE,CAAC;gBAClD,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,MAAM,GAAG,QAA0C,CAAC;gBAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;gBAChD,IAAI,OAAO;oBAAE,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC9C,MAAM;YACR,CAAC;YACD,QAAQ,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,OAAO,IAAI,YAAY,EAAE,CAAC;YAC5B,0EAA0E;YAC1E,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,YAAY,KAAK,CAAC,CAAC;YACnD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzB,wDAAwD;gBACxD,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,qBAAqB,YAAY,qBAAqB,CAAC,CAAC;gBACvF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACtC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,SAAS,EAAE,KAAK,EAC5D,qBAAqB,YAAY,mEAAmE,EACpG,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,aAAa,YAAY,oCAAoC,EAAE,CAAC,CAAC,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACtG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,SAAS,EAAE,KAAK,EAC5D,wDAAwD,EACxD,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,EAAE,EACvC,EAAE,UAAU,EAAE,+DAA+D,EAAE,CAAC,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0EAA0E;AAC1E,6DAA6D;AAC7D,6EAA6E;AAC7E,qEAAqE;AACrE,kCAAkC;AAElC,kCAAkC;AAClC,MAAM,gBAAgB,GAAG,2GAA2G,CAAC;AACrI,2CAA2C;AAC3C,MAAM,uBAAuB,GAAG,qFAAqF,CAAC;AACtH,qCAAqC;AACrC,MAAM,yBAAyB,GAAG,wEAAwE,CAAC;AAE3G,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,sEAAsE;IACtE,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC1F,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;QAEhC,oDAAoD;QACpD,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC;YACjD,qFAAqF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnG,IAAI,CAAC,YAAY;YAAE,SAAS;QAE5B,iEAAiE;QACjE,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEnD,mDAAmD;QACnD,2DAA2D;QAC3D,IAAI,MAAM,GAAwC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACvE,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,OAAO,MAAM,EAAE,CAAC;YACd,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,mBAAmB;gBACnD,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,aAAa;gBAC7C,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,iBAAiB,EAAE,CAAC;gBACtD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACtD,IAAI,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClF,eAAe,GAAG,IAAI,CAAC;gBACzB,CAAC;gBACD,sBAAsB;gBACtB,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,mBAAmB,EAAE,CAAC;oBACxD,MAAM,MAAM,GAAI,MAAiD,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;oBAClF,IAAI,uDAAuD,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzE,eAAe,GAAG,IAAI,CAAC;oBACzB,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;YACD,MAAM,GAAG,MAAM,CAAC,SAAS,EAAyC,CAAC;QACrE,CAAC;QAED,mEAAmE;QACnE,MAAM,YAAY,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC1C,IAAI,YAAY,EAAE,OAAO,EAAE,KAAK,UAAU,CAAC,mBAAmB,EAAE,CAAC;YAC/D,MAAM,OAAO,GAAI,YAAuD,CAAC,OAAO,EAAE,CAAC;YACnF,IAAI,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/C,eAAe,GAAG,IAAI,CAAC;YACzB,CAAC;QACH,CAAC;QACD,yDAAyD;QACzD,IAAI,YAAY,EAAE,OAAO,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAC5D,MAAM,QAAQ,GAAI,YAAoD,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;YAC3F,IAAI,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChD,eAAe,GAAG,IAAI,CAAC;YACzB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,eAAe;YAAE,SAAS;QAE/B,gDAAgD;QAChD,MAAM,KAAK,GAAG,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,CAAC;YAChD,0DAA0D;YAC1D,IAAI,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YACvD,oDAAoD;YACpD,IAAI,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEtE,2CAA2C;YAC3C,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACzD,uEAAuE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEzF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,SAAS,EAAE,KAAK,EACxD,eAAe,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,uEAAuE,EAC/G,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,kBAAkB,EAAE,EAC3C,EAAE,UAAU,EAAE,oFAAoF,EAAE,CAAC,CAAC,CAAC;gBACzG,MAAM,CAAC,2BAA2B;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnF,IAAI,GAAG,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,SAAS;YAAE,SAAS;QAExE,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QAE/B,8CAA8C;QAC9C,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC;YACtD,2DAA2D,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9E,IAAI,CAAC,YAAY;YAAE,SAAS;QAE5B,yCAAyC;QACzC,MAAM,cAAc,GAAG,mDAAmD,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1F,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,mBAAmB;QACnB,IAAI,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,SAAS,EAAE,KAAK,EACxD,sFAAsF,EACtF,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,kBAAkB,EAAE,EACtC,EAAE,UAAU,EAAE,yEAAyE,EAAE,CAAC,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yEAAyE;AAEzE,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,QAAQ;IACR,sBAAsB;IACtB,kBAAkB;IAClB,mBAAmB;IACnB,eAAe;CAChB,CAAC"}

package/dist/rules/security-v4.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Security v4 rules — LLM prompt injection attack surface.
+ *
+ * Covers 10 attack vectors beyond basic prompt injection (v3):
+ *   S14: indirect-prompt-injection — DB-stored data flows to LLM prompt
+ *   S15: llm-output-execution — LLM output passed to eval/exec
+ *   S16: system-prompt-leakage — system prompt exposed in responses
+ *   S17: rag-poisoning — retrieval results flow unsanitized to prompt
+ *   S18: tool-calling-manipulation — user input controls tool names/schemas
+ *   S19: encoding-bypass — decoded content enters prompt unsanitized
+ *   S20: delimiter-injection — user input with delimiters in prompt context
+ *   S21: unsanitized-history — chat history pushed without sanitization
+ *   S22: json-output-manipulation — JSON.parse on LLM output without schema
+ *   S23: missing-output-validation — LLM output used without validation
+ *
+ * All AST-based. Always active regardless of target.
+ * OWASP LLM01-LLM09
+ */
+import type { ReviewFinding, RuleContext } from '../types.js';
+declare function indirectPromptInjection(ctx: RuleContext): ReviewFinding[];
+export declare const securityV4Rules: (typeof indirectPromptInjection)[];
+export {};